There is a sample tomcat-users.xml included with tomcat 4.0 in the conf directory. Just follow this format. Yes, the file must be in this format, unless you write your own connector.
The server containing the tomcat-users file definitely must be protected. Yes, this is less secure than storing the users/passwords in a directory/database. Tim --- [EMAIL PROTECTED] wrote: > Thanks for all the help. > > I just have abt 39 users and I cant figure out how > to instruct the server to > use the flat file that has the user/password > combinations. Should the flat file > be necessarily a .xml file ? Isnt saving the > password in ascii form less secure > (?) > > Thanks again. > > Sujay > > Quoting Timothy Fisher <[EMAIL PROTECTED]>: > > > Form-authentication is a good way to go. Make > sure > > that the form is submitted over an SSL link. If > not, > > you will be submitting the passwords over a clear > > channel. > > > > There are more scalable places of storing the user > > credentials than in the "tomcat-users.xml" file. > This > > file is mainly intended for demonstration > purposes. A > > better solution would store the users in an LDAP > > directory or database. If the users were stored > in a > > directory or database, than you would just make > the > > appropriate database/directory calls to update the > > users password. > > > > How many users will you have? If you will only > ever > > have a small number of users, then the flat file > may > > be suitable. > > > > Tim > > > > > > --- [EMAIL PROTECTED] wrote: > > > I use the tomcat-users.xml file to store the > user > > > groups. > > > > > > Is there a more simple but yet secure way to > protect > > > access to pages other than > > > form authentication, wherein I dont have to > write > > > the code for security. > > > > > > - Sujay > > > > > > Quoting Timothy Fisher <[EMAIL PROTECTED]>: > > > > > > > The answer will depend on where you are > storing > > > your > > > > user credentials (names, and passwords). > > > > Are you using a flat file, LDAP directory, > > > database??? > > > > > > > > Tim > > > > > > > > --- [EMAIL PROTECTED] wrote: > > > > > I'm not sure if this is the right mailing > list > > > to > > > > > post to... > > > > > > > > > > I use form authentication to authenticate > > > certain > > > > > users to restricted pages. > > > > > I also want to let them change their > passwords > > > from > > > > > time to time. > > > > > How do I do this ? I'm use a combination of > > > > > JSP/JavaBean/Servlet technology. > > > > > > > > > > Any help in this matter wud be greatly > > > appreciated. > > > > > > > > > > - Sujay Daniel > > > > > > > > > > > > > > > -- > > > > > To unsubscribe: > > > > > > > > > <mailto:[EMAIL PROTECTED]> > > > > > For additional commands: > > > > > <mailto:[EMAIL PROTECTED]> > > > > > Troubles with the list: > > > > > > <mailto:[EMAIL PROTECTED]> > > > > > > > > > > > > > > > > > > __________________________________________________ > > > > Do You Yahoo!? > > > > Make a great connection at Yahoo! Personals. > > > > http://personals.yahoo.com > > > > > > > > -- > > > > To unsubscribe: > > > > <mailto:[EMAIL PROTECTED]> > > > > For additional commands: > > > <mailto:[EMAIL PROTECTED]> > > > > Troubles with the list: > > > <mailto:[EMAIL PROTECTED]> > > > > > > > > > > > > > > > > > -- > > > To unsubscribe: > > > > <mailto:[EMAIL PROTECTED]> > > > For additional commands: > > > <mailto:[EMAIL PROTECTED]> > > > Troubles with the list: > > > <mailto:[EMAIL PROTECTED]> > > > > > > > > > __________________________________________________ > > Do You Yahoo!? > > Make a great connection at Yahoo! Personals. > > http://personals.yahoo.com > > > > -- > > To unsubscribe: > <mailto:[EMAIL PROTECTED]> > > For additional commands: > <mailto:[EMAIL PROTECTED]> > > Troubles with the list: > <mailto:[EMAIL PROTECTED]> > > > > > > > -- > To unsubscribe: > <mailto:[EMAIL PROTECTED]> > For additional commands: > <mailto:[EMAIL PROTECTED]> > Troubles with the list: > <mailto:[EMAIL PROTECTED]> > __________________________________________________ Do You Yahoo!? Make a great connection at Yahoo! Personals. http://personals.yahoo.com -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>
